On Tue, 2008-03-25 at 19:37 -0400, Ricky Zhou wrote: > On 2008-03-25 06:04:16 PM, Dennis Gilmore wrote: > > Products to be evaluated: > > > > http://pki.fedoraproject.org/wiki/PKI_Main_Page > > https://www.openca.org/ > > http://ejbca.sourceforge.net/ > > Something custom > We took a quick look at some of these in IRC, and I'd personally prefer > something that doesn't use LDAP for storage (since we didn't end up > going with LDAP for FAS, and it seems like overkill for just the CA). Even not using LDAP for all of FAS, there's still a lot of things we could export from the db -> ldap to be more easily used and accessible. So I wouldn't discount LDAP just because it's not the backing store of FAS. > I haven't looked too deeply yet, but I'm currently leaning towards > something custom. Would certmaster possibly be a good project to work > on for providing this kind of functionality? Also, going off and building our own thing feels like it's going to be a long-term detriment. Some of the bits for proper CRLs and the like are not trivial and very important to get "right" Jeremy _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list